Every year thousands of companies are compromised and the authentication information for many is stolen. The consequence of such breaches is immense and damages the trust between individuals and organizations. There is significant overhead for an organization to secure it's authentication methods, often usability is sacrificed. Users must trust organizations with their info and organizations must trust that their methods of storage are secure. We believe this presents a significant trust and usability problem. What if we could leverage the blockchain, to do this authentication trustlessly between parties? Using challenge and response we'd be able to avoid passwords completely. Furthermore, this system of permissions could be extended from the digital world to physical assets, i.e. giving somebody the privilege to unlock your door.
What it does
Entities can assign and manage privileges for resources they possess by publishing that a certain user (with an associated public key) has access to a resource on the ethereum blockchain (this can be temporary or perpetual). During authentication, entities validate that users hold the private keys to their associated public keys using challenge and response. A user needs only to keep his private key and remember his username.
How we built it
We designed and deployed a smart contract on the Ropsten Ethereum testnet to trustlessly manage permissions. Users submit transactions and read from this contract as a final authority for access control. An android app is used to showcase real-life challenge and response and how it can be used to validate privileges trustfully between devices. A web app is also developed to show the ease of setup for an individual user. AWS Lambda is used to query the blockchain through trusted apis, this may be adjusted by any user to their desired confidence level. A physical lock with an NFC reader was to be used to showcase privilege transfer, but the NFC reader was broken.
Challenges we ran into
The NFC reader we used was broken so we were unable to demonstrate one potential application. Since Solidity (Ethereum EVM language) is relatively new there was not an abundance of documentation available when we ran into issues sending and validating transactions, although we eventually fixed these issues.
Accomplishments that we're proud of
Trustless authentication on the blockchain, IoT integration, Ethereum transactions greatly simplified for users (they need not know how it works), and Login with username
What we learned
We learned a lot about the quirks of Ethereum and developing around it. Solidity still has a long way to go regarding developer documentation. The latency of ethereum transactions, scalability of ethereum, and transaction fees on the network present limiting factors towards future adoption, though we have demonstrated that such a trustless authentication scheme using the blockchain is indeed secure and easy to use.
What's next for Keychain
Use a different chain with faster transaction times and lower fees, or even rolling our own chain using optimized for keychain. More digital and IoT demos demonstrating ease of use.